|Home > Documentation > Configuring and administering > Administering Security > Configuring HTTP header-based authentication|
Single Sign-on is a method that provides access control for the server. It enables you to be authenticated only once and gain access to the resource of multiple software systems. In other words, a user agent that wishes to authenticate itself with a server might need to do so only once for the same security realm using Single Sign-on.
During such authentication, a CA server cross-checks the information that is appended to the HTTP headers. If the information is consistent with what the security realm defines, the identity of the client being authenticated is verified.
Applications that use the HTTP header-based authentication must configure their deployment descriptor as follows:
A well-known CA server is Siteminder, which helps to provide information to the application by setting specific headers on the HTTP request. By default, it uses the SM_USER header to pass the user name, which is later authenticated by the GenericHttpHeaderLoginmodule class in WebSphere Application Server Community Edition.
You can configure the security realm for HTTP header-based authentication. The following TestPropsRealm.xml file is a deployment plan used to create a [Properties file security realm] on the application server. Applications that use this security realm can achieve Single Sign-on.
Similarly, you can configure a deployment plan for the [LDAP Realm] or the [Database (SQL) Realm] to use the Siteminder for Single Sign-on.